8477620

System and Method to Provide Multiple Private Networks Using PBB

Published: July 2, 2013
Assignee: not available in USPTO data we have

Patent Claims
27 claims

Legal claims defining the scope of protection, as filed with the USPTO.

1. A system to provide multiple private networks comprising: a public Metropolitan Ethernet Interface (MAN) consisting of a Provider Backbone Bridge (PBB) network configured to receive a plurality of customer network services each with a separate Service Instance Identifier (I-SID); a plurality of physically separate local area network (LAN) ports configured to communicate data to LAN ports; and a switching process between the PBB interface and the LAN ports; the switching process being configured to create bindings, wherein each binding binds an individual I-SID from the PBB interface to each of the respective LAN ports so as to communicate data packets between the PBB and the bound LAN ports, the data packets being assigned to an individual LAN port based on the I-SID data stream binding, wherein an Ethernet frame format of each data packet includes an Ethernet Media Access Control (MAC) address, wherein the bindings are created independent of the Ethernet frame format Backbone Source Address (B-SA), Backbone Destination Address, (B-DA) and Backbone VLAN Identifier (B-VID) and leave the Ethernet frame format unaltered, such that prior to encapsulation at the PBB interface of a data packet being transmitted from a specific LAN port to the PBB network via a specific binding and after de-encapsulation at the PBB interface of a data packet being transmitted from the packet switched network to the specific LAN port via the specific binding, the specific binding hides the MAC address of the Ethernet frame format of the data packet through that binding from other LAN ports; wherein the bindings between the PBB port and the LAN ports provide network security by hiding the MAC addresses such that a security breach using a duplicate MAC address on a LAN port does not affect operation of other LAN ports.

2. A system as in claim 1, wherein each LAN port is a physically separate Ethernet port.

3. A system as in claim 1, wherein the individual data stream that is bound to a single physically separate LAN port is a customer network service instance using a separate I-SID.

4. A system as in claim 1, wherein the individual data stream is bound to a physically separate LAN port by desired Quality of Service as represented by the Priority bits and other bits in the Instance I-SID and each LAN port is physically separate from and disconnected from all other LAN ports.

5. A system as in claim 1, further comprising a user space control process configured to control settings for bound LAN ports and switching paths used by the bound LAN ports.

6. A system as in claim 5, further comprising a remote management interface in communication with the user space control process.

7. A system as in claim 6, wherein the remote management interface includes a Simple Network Management Protocol (SNMP) interface and a web interface.

8. A system as in claim 1, wherein the PBB interface comprises a plurality of I-SID which is received from a Metropolitan Area Network (MAN) network.

9. A system as in claim 1, wherein the switching process registers each LAN by port number and communicates through an operating system to each LAN.

10. A system as in claim 1, wherein the LANs are Ethernet networks having no tags, headers, layers or fields between an Ethernet header and an IP header.

11. A system as in claim 1, wherein the MAN is PBB.

12. A system as in claim 1, wherein the switching process maps individual ISIDs to separate physical LAN ports using direct copying or bridging of Ethernet packets without adding any encapsulation or headers.

13. A system as in claim 1, wherein the LAN ports are virtual network interface devices.

14. A system as in claim 13, wherein the virtual network interface devices are wireless LAN ports.

15. A method for interfacing with a network, comprising: receiving a plurality of data streams via one of a plurality of Service Instance Identifiers (I-SIDs) in a Provider Backbone Bridge (PBB) interface; binding each data stream from an I-SID to a physically separate local area network (LAN) port; communicating data packets in each separate data stream associated with each I-SID through to the respectively bound LAN port when data packets are received from the PBB interface, wherein an Ethernet frame format of each data packet includes an Ethernet Media Access Control (MAC) address, wherein the bindings are created independent of the outer Ethernet frame format backbone MAC address including Backbone Source Address (B-SA), Backbone Destination Address (B-DA) and Backbone VLAN Identifier (B-VID) and leave the Ethernet frame format of the inner binding unaltered, such that prior to encapsulation at the PBB interface of a data packet being transmitted from a specific LAN port to the Metropolitan Ethernet Interface (MAN) via a specific binding and after de-encapsulation at the PBB interface of a data packet being transmitted from the MAN to the specific LAN port via the specific binding, the specific binding hides the MAC address of the Ethernet frame format of the data packet through that binding from other LAN ports; and wherein the bindings between the PBB interface and the physically separate LAN ports provide network security by hiding the MAC addresses such that a security breach using a duplicate MAC address on a LAN port cannot affect operation of other LAN ports.

16. A method as in claim 15, wherein communicating data packets further comprises transmitting each data stream through bound Ethernet ports.

17. A method as in claim 15, further comprising a step of switching data packets from the PBB interface to separately mapped Ethernet ports using a switching process.

18. A method as in claim 17, further comprising a step of controlling the switching process via a user space control process configured to control switching process settings.

19. A system as in claim 18, further comprising a step of receiving user input via a remote management interface in communication with the user space control process.

20. A system for interfacing between networks, comprising: a Provider Backbone Bridge (PBB) interface configured to receive a plurality of data stream via one of a plurality of Service Instance Identifiers (I-SIDs) over a Metropolitan Ethernet Interface (MAN); a plurality of physically separate Ethernet ports configured to communicate data to a local area network (LAN), wherein each LAN is differentiated by the physical LAN port; a switching process in communication with the PBB interface and the Ethernet ports, the switching process being configured to bind each of the I-SIDs to each of the separate Ethernet ports and to forward data packets between the PBB interface and bound Ethernet ports, wherein an Ethernet frame format of each data packet includes a Ethernet Media Access Control (MAC) address, wherein the bindings are created independent of the Ethernet frame format MAC address and leave the Ethernet frame format unaltered, such that prior to encapsulation at the PBB interface of a data packet being transmitted from a specific LAN port to the MAN via a specific binding and after de-encapsulation at the PBB interface of a data packet being transmitted from the MAN to the specific LAN port via the specific binding, the specific binding hides the MAC address of the Ethernet frame format of the data packet through that binding from other LAN ports; and wherein the bindings between the I-SIDs and the Ethernet ports provide network security by hiding the MAC addresses such that a security breach using a duplicate MAC address on an Ethernet port cannot affect operation of other Ethernet ports.

21. A system as in claim 20, wherein the switching process binds individual I-SIDs to individual Ethernet ports using only bridging without additional encapsulation or alteration of Ethernet frames.

22. A system as in claim 20 further comprising a user space control process configured to control settings and input for the switching process.

23. A system as in claim 22, further comprising a remote management interface in communication with the user space control process.

24. A system as in claim 20, wherein data packets sent from the LAN ports through the PBB interface are encapsulated with the Backbone Tag consisting of Backbone Destination Address (B-DA), Backbone Source Address (B-SA) and Backbone VLAN tag (B-VID) as required by interfacing backbone bridges in the MAN network.

25. A system as in claim 24, wherein data packets received from a plurality of I-SIDs in a PBB interface are de-encapsulated from the B-DA, B-SA and B-VID before mapping to a bound LAN port.

26. A system as in claim 20, wherein each binding of a separate customer network I-SID to a bound LAN port is physically separate such that it is protected from poisoning or other attacks of ARP or adjacency table poisoning used for each of a plurality of other LANs.

27. A system as in claim 20, wherein each binding of a separate customer network I-SID to a bound LAN port is separate from the PBB such that the PBB interface will be protected by a poisoning or attack of the ARP or adjacency table for a plurality of bindings between I-SIDs and LAN ports.
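
The I-SID-to-port binding recited in claims 1, 15 and 20, with the encapsulation of claims 24 and 25, as an added Python example that is not part of the patent or of any implementation of it. The class and function names are hypothetical, the frame layout follows IEEE 802.1ah (B-TAG EtherType 0x88A8, I-TAG EtherType 0x88E7, 24-bit I-SID), and all addresses and I-SIDs are constructed sample values.

```python
import struct

BTAG_TPID = 0x88A8  # B-TAG EtherType (IEEE 802.1ah)
ITAG_TPID = 0x88E7  # I-TAG EtherType (IEEE 802.1ah)
BACKBONE_HDR_LEN = 22  # B-DA(6) + B-SA(6) + B-TAG(4) + I-TAG(6)


class IsidPortSwitch:
    """Hypothetical model: one I-SID bound to one LAN port, nothing else consulted."""

    def __init__(self, bindings, b_sa, b_da, b_vid):
        self.isid_to_port = dict(bindings)
        self.port_to_isid = {p: i for i, p in self.isid_to_port.items()}
        if len(self.port_to_isid) != len(self.isid_to_port):
            raise ValueError("a LAN port may be bound to only one I-SID")
        self.b_sa, self.b_da, self.b_vid = b_sa, b_da, b_vid

    def from_backbone(self, frame):
        """De-encapsulate; return (lan_port, customer_frame) or None to drop."""
        if len(frame) < BACKBONE_HDR_LEN + 14:  # need a full inner Ethernet header
            return None
        btpid, _btci, itpid, itci = struct.unpack_from("!HHHI", frame, 12)
        if btpid != BTAG_TPID or itpid != ITAG_TPID:
            return None
        # Only the 24-bit I-SID selects the port; B-DA, B-SA, B-VID and the
        # customer MAC addresses are never part of the lookup.
        port = self.isid_to_port.get(itci & 0xFFFFFF)
        return None if port is None else (port, frame[BACKBONE_HDR_LEN:])

    def to_backbone(self, lan_port, customer_frame):
        """Encapsulate a frame from a bound LAN port; inner frame is copied as-is."""
        isid = self.port_to_isid[lan_port]
        tags = struct.pack("!HHHI", BTAG_TPID, self.b_vid & 0x0FFF, ITAG_TPID, isid)
        return self.b_da + self.b_sa + tags + customer_frame


def demo():
    # Constructed sample data: two customers using the same source MAC.
    dup_mac = bytes.fromhex("020000000001")
    inner = b"\xff" * 6 + dup_mac + b"\x08\x00" + b"payload"
    sw = IsidPortSwitch({0x010001: "lan1", 0x010002: "lan2"},
                        b_sa=bytes.fromhex("02bb00000001"),
                        b_da=bytes.fromhex("02bb00000002"), b_vid=100)
    a, b = sw.to_backbone("lan1", inner), sw.to_backbone("lan2", inner)
    other_outer = b"\x02" * 12 + a[12:]  # different B-DA/B-SA, same I-SID
    unbound = a[:18] + struct.pack("!I", 0x0ABCDE) + a[22:]  # I-SID with no binding
    return [sw.from_backbone(f) for f in (a, b, other_outer, unbound)], inner
```

The duplicate customer MAC reaches `lan1` and `lan2` independently because no MAC table is shared between bindings, and a frame whose I-SID has no binding is dropped rather than flooded.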

Patent Metadata

Filing Date: Unknown

Publication Date: July 2, 2013

Inventors: C. Robert Peterson, Thomas F. Herbert

Citation & reuse

Cite as: Patentable. “SYSTEM AND METHOD TO PROVIDE MULTIPLE PRIVATE NETWORKS USING PBB” (8477620). https://patentable.app/patents/8477620